<?php
if(isset($_POST['action'])){
    $db = new Database();
    $settings = $db->query("SELECT * FROM tbsettings","row");
    $auth = Auth::getAuth('current_user');
    $userID = $auth['id'];
    $password = $auth['password'];
    // Delete Document from the database
    if($_POST['action']=="newUsername"){
	$new_username = $_POST['newUsername'];
	$conditions = array("id"=>$userID);
	$fields = array("username"=>$new_username);
	$db->update("tbuser",$fields,$conditions);
	$login = $db->query("SELECT *
                                    FROM tbuser
                                    WHERE id={$db->escape($userID)} ","row");
        Auth::setAuth('current_user',$login);
	$audit = array(
			"user_id"=>$userID,
			"action_id"=>16,
			"affected_table"=>"tbuser",
			"affected_record"=>"usermaintenance",
			"datetime"=>date("Y-m-d  H:i:s"),
			"is_active"=>1
			);
	$db->insert("tbaudit_trail",$audit);
    // Edit Password and change it to a new one
    }elseif($_POST['action']=="newPassword"){
	$new_password = md5($_POST['newPassword']);
	$oldPassword = md5($_POST['oldPassword']);
	if($password!=$oldPassword){
	    echo "no";
	}else{
	    $conditions = array("id"=>$userID);
	    $fields = array("password"=>$new_password);
	    $db->update("tbuser",$fields,$conditions);
	    $login = $db->query("SELECT *
                                    FROM tbuser
                                    WHERE id={$db->escape($userID)} ","row");
	    Auth::setAuth('current_user',$login);
	    $audit = array(
			"user_id"=>$userID,
			"action_id"=>17,
			"affected_table"=>"tbuser",
			"affected_record"=>"usermaintenance",
			"datetime"=>date("Y-m-d  H:i:s"),
			"is_active"=>1
			);
	    $db->insert("tbaudit_trail",$audit);
	}
    // 
    }elseif($_POST['action']=="newAccountDetails"){
	$newFname = $_POST['newFname'];
	$newLname = $_POST['newLname'];
	$fields = array("firstname"=>$newFname,
			"lastname"=>$newLname);
	$conditions = array("id"=>$userID);
	$db->update("tbuser",$fields,$conditions);
	$login = $db->query("SELECT *
                                    FROM tbuser
                                    WHERE id={$db->escape($userID)} ","row");
	Auth::setAuth('current_user',$login);
	$audit = array(
			"user_id"=>$userID,
			"action_id"=>18,
			"affected_table"=>"tbuser",
			"affected_record"=>"usermaintenance",
			"datetime"=>date("Y-m-d  H:i:s"),
			"is_active"=>1
			);
	    $db->insert("tbaudit_trail",$audit);
	echo "Successfull";
    }elseif($_POST['action']=="logout"){
	
	$timeUpdated_1 = 1; // Set if user has done updating 
	$timeUpdated_0 = 0; // Set if user was nt done updating 
	
	$condition = array("id"=>$userID);
	$fields = array("updated"=>$timeUpdated_0);
	    $db->update("tbuser",$fields,$condition);
	$login = $db->query("SELECT *
                                    FROM tbuser
                                    WHERE id={$db->escape($userID)} ","row");
	Auth::setAuth('current_user',$login);
    }elseif($_POST['action']=="deleteEmptyFields"){
	$condition = array("expiryDate"=>'');
	$db->delete("tbdealer",$condition);
    }elseif($_POST['action']=="generateTxtFiles"){
	$nameDate = date("Ymd");
	$myFile = $settings['exportRedeem'].$nameDate."_redeemed.txt";
	$fh = fopen($myFile, 'w') or die("can't open file");
	$getRedeem = $db->query("SELECT * FROM tbredeem WHERE date=CURDATE()","array");
	foreach($getRedeem as $data){
	    $quan = explode(",",$data['quantity']);
	    $prodID = explode(",", $data['product_id']);
	    for($a=0;$a<count($quan);$a++){
		$getProd = $db->query("SELECT * FROM tbproduct WHERE id='$prodID[$a]'","row");
	    $stringData = $data['date'].",".$getProd['itemCode'].",".$getProd['product_name'].",".$quan[$a]."\r\n";
	    fwrite($fh, $stringData);
	    }
	}
	
	fclose($fh);
	echo "Successfully generate file.";
    }
}

